The Resilience of Austria to the Threat of Cyber-Attack

Executive Summary

The study focuses on examining the resilience of Austria to the threat of cyber-attack. The approach includes a qualitative study and a review of government sources and academic literature. The main sections entail introduction, literature review and methodology, key findings and discussions, conclusion, and recommendation. Under the introduction, the manuscript provides the background and history of cybercrimes and threats. The document illustrates the statement of the problem alongside the key objectives to evaluate during the study. Furthermore, there is a comparative study on various countries related to the chosen area of interest. Under the review of collected works, the substantial concentration is put on the values of various activities amounting to threats and cybercrime. Besides, the researcher explores the trends in the world to help deduce value conclusions and recommendations. Under the findings, the study provides a clear illustration of what the previous scholars established to ascertain the importance of modern society. Additionally, there is a need to make comparative reference to government documents to appreciate the role of legislation and governance in technology and development. There are several aspects that may pose a danger to cyber users; hence, the motivation should remain on manifested implication instead of opinions and outcries.

Introduction

Post-industrial societies and developed nations leverage cyberspace in their bid for economic, cultural, social, scientific, technological, and political development more than ever. The digital space is emerging as the backbone of all economies, an active research community, a transparent government, and a free state (Milanovic & Schmitt, 2020). The public administrations consider the internet as indispensable resources, where they no longer rely on the traditional methods of service delivery to reach out to the public. Simultaneously, citizens should have confidence that addressees will receive their information promptly and reliably. However, this over-reliance on states and citizens on information technology and the internet has given space for new criminal activities. In other words, all users of computers are at a risk of facing online cybercrime and criminality. Cyber allows criminals to commit a crime in both the physical space and the cyber (Allison et al., 2020). For instance, a criminal may take advantage of technology to study the behavior of individuals to know when they are away from the house and rob their homes. In most cases, perpetrators do not require sophisticated devices as the crimes can be facilitated by simple equipment, including smartphones. For this reason, the police must keep pace with the new trends and technologies to know the opportunities they present for the criminals and how they can be applied to help fight cybercrime.

Background and Statement of the Problem

In today’s world, the digital transition is gaining traction in all aspects of life. Post-industrial communities and highly emerging economies use cyberspace to advance their technical, fiscal, social, cultural, science, and political advancement more than ever before. Digital infrastructures increasingly become the bedrock of a thriving market, influential science culture, an open state, and free democracy (Bahuguna et al., 2020). New information and communication technology, especially the internet, have drastically altered social and economic lives. Approximately three-quarters of the population in Austria uses the internet frequently, with half of this group doing it daily. In terms of technological advancement and the reliability of internal operations, the economy is being highly reliant on productive digital infrastructures. The government no longer relies solely on conventional service distribution networks but sees the internet as necessary for reaching out to the general population (Moshirnia, 2017). People must have faith that their data will be processed quickly and accurately by the intended recipients (Brown and Marsden, 2013). The foundation for economic development, stability, and the advancement of human rights is an accessible and free Internet and private information privacy and the transparency of interconnected networks. Successful online infrastructures are needed to provide general-interest resources to the public, such as electricity, water, and transportation. Digital infrastructures must be reliable and stable for people to reap a globalized and digitized society’s rewards (Brown, 2013). Cyberspace attacks pose a severe challenge to the protection and the state, culture, science, and society’s proper functioning. They have the potential to have a significant detrimental effect on individuals’ everyday lives. Non-state actors (such as offenders, organized crime, or terrorists) and state actors (such as intelligence services and the military) can also exploit cyberspace for their ends and disrupt its proper functioning. The challenges of cyberspace, as well as the constructive uses of cyberspace, are almost limitless. As a result, Austria has made it a top priority to make cyberspace adequately safe and stable at both the national and foreign levels. The word “cybersecurity” refers to protecting cyberspace infrastructures, data shared in cyberspace, and, most importantly, the people who use cyberspace. In both national and foreign ways, ensuring data protection is a top priority for the government, the economy, and society. The Austrian Cyber Security Strategy / ACSS (Austrian Cyber Security Strategy / SCS) is a systematic and constructive concept for safeguarding cyberspace and citizens in virtual space while upholding human rights. In cyberspace, it would improve the security and efficiency of Austrian infrastructures and services. Most significantly, it would increase Austrian society’s understanding and trust.

Study Objectives

The main objective of the report is to examine the level of resilience of the Austrian government in tackling the threats of cyber-attacks. The objectives include:

  • To understand the various types of cyber-attacks, country response, and the strategies for sustained resilience.
  • To compare how the neighboring countries have tackled the issue and their resilience techniques.

Significance

The study provides meaningful information on the nature of cybercrime and how Austria, in specific, put various strategies to curb this crime. Besides, the report provides additional insights into the existing literature on cybersecurity and threats. The information also helps to invent different ways to respond to various dangers in various capacities.

Literature Review

Global Trends

Cybercrime, also known as computer crime, uses a computer to carry out illicit activities, including fraud, trading in child pornography and intellectual property, stealing names and breaching privacy. It has increased in significance, particularly across the internet, as computers have become essential to trade, entertainment, and government. It reflects a continuation of current criminal activity and some novel illegal activities (Bertone et al., 2020). The majority of cybercrime targets personal, corporate, or government records. Although the attacks do not target a physical entity, they do target a person’s or companies virtual body, which is a collection of data that defines individuals and organizations on the internet. Indeed, in this modern era, virtual identities are becoming increasingly important: human beings are more or less a bundle of numbers and identifiers in various electronic databases controlled by governments and companies. Cybercrime emphasizes the importance of networked machines in people’s lives and the vulnerability of apparently indestructible facts like human identification. The difficulties countries face in combating cybercrime are exacerbated by the lack of a universally accepted concept of the term, making it impossible to create regulations that address those practices under the cybercrime umbrella (Darvas et al., 2020). Besides, since there are no cyber borders between nations, foreign cybercrime often undermines the efficacy of domestic and international legislation and law enforcement. Since several countries’ current regulations aren’t designed to cope with cybercrime, offenders are constantly committing offenses on the internet to avoid harsher penalties or the difficulty of being tracked down. Governments and businesses across the world have increasingly recognized the massive challenges that cybercrime poses to economic and political stability, as well as public interests. In terms of the business sector in general and service providers, national regulatory mechanisms play an essential role in cybercrime prevention. Data privacy regulations have been enacted in over half of the world’s nations, setting down guidelines for safeguarding and using private information. Unique standards for internet service companies and other electronic media providers are used in each of these regimes.

Cybercrime in Austria

Approximately three-quarters of the population in Austria uses the internet regularly, and the remaining quarter uses it only occasionally. In terms of technological advancement and the efficacy of internal processes, the economy is becoming increasingly reliant on successful online infrastructures. All of this exposes Austria, its citizens, and its government to cybercrime, prompting the government to implement countermeasures. With the insights obtained during the research and worldwide analysis meetings and debriefings with leading authorities within and outside the European Union, the Austrian interior ministry’s objective is to examine and assess development in this area, investigate the perpetrators, and protect internet users. Moreover, the Ministry of the Interior strives to continually develop adequate knowledge and new methods and adapt these, often temporary, regulations to Austria’s cybercrime position.

The Austrian government recognizes that Austria’s, the EU’s, and the entire group of nations’ cyber protection are inextricably linked; thus, an intense collaboration focused on cohesion at the European and international levels is needed to ensure cybersecurity.

In reality, guaranteeing cyber protection in national and foreign cyberspace has become one of Austria’s highest priorities and a prevalent task for government, national enterprises, and society. With the Austrian Cyber Security Strategy, Austria’s Federal Government developed a systematic and constructive concept for protecting cyberspace and its movement on March 20, 2013. Ever since the strategy has become the foundation of government policy in this region. At the same time, Austria’s EU participation requires that the GDPR mentioned above be used as a weapon in the battle against cybercrime, which means that, while people use private data outside the field of personal data Austria, the data protection legislation should apply. As a complex and coherent problem, Austria considers combating cybercrime both as one of the key duties of the Austrian Criminal Police and as part of the responsibility of the Austrian security authorities at the Ministry of Interior. The related Austrian authorities generally interpret cybercrime in two ways: limited and wide. In the narrower meaning of the Austrian background, cybercrime involves malicious activities that (a) include data or computer systems attacks and (b) involve information and communication technologies (ICT). According to Domańska et al (2018), these crimes are aimed against networks or computers, facilities or data on these networks, such as data corruption, hacking or DDoS attacks. The results are evident in other internet platforms too.

General and Particular Cases in Austria

According to the BKA, the number of cybercrimes in the narrower context “increased from 2,630 in 2016 to 3,546 in 2017, a 34.8 percentage point rise over the previous year. On the one hand, the condition seems to worsen: the number of such crimes registered in 2018 was about 19 627, up by 16.8% from 2017. On the other hand, the state’s ability to cope with them has grown: solved cases increased by 13.3%, from 6,470 in 2017 to 7,332 in 2018. Simultaneously, if one considers Austrian instances of cybercrime in the broader context,” these have been on the rise as well, particularly in the areas of fake certificates, ransomware extortion, sexual portrayals of minors on the internet, and widespread corruption. According to the Police Crime Statistics (PKS), the total number of offenders in cybercrime rose to 7,980 in 2018, up by 7.1 percent from 2017. The gender breakdown of the offenders was 70.1 percent (5,591) male and 29.9 percent (2,389) female. The plurality of potential criminals (3,547) is between the ages of 25 and 39, led by those over 40 (1,896) and those between the ages of 21 and 24 (1,110). It should be remembered that cybercrime has seen the largest rates of growth in Austrian criminality, presumably representing the continuing transition in traditional modes of crime into the digital realm.

In terms of the 2019 situation surveys conducted by the BKA for the first half of 2019 indicate a significant rise in internet crimes in Austria from January to June of that year, representing a 51 percent increase over the same timeframe in 2018. A surge in internet frauds recorded in 8,187 police accounts, up 32.3 percent from the previous year, seems to be the driving force behind the rise in volume. Taking a closer look at the figures, it seems that cybercrime in the narrow sense rose by 61.6 percent in 2019 (as cited in Ninotti, 2019). Such as cyber assaults on third-party computers, identity manipulation, and the Darknet trade in stolen identities. These patterns are expected to continue in the coming years. Finally, the group of other internet offenses had the greatest rise of 144.9 percent. Extortion, document forgery, money laundering, and other typical illegal activities have gradually migrated to the Darknet, where offenders can even buy ransomware, also known as crime-as-a-service. These are the general patterns, or numbers, as they are known. Following are two mini case studies of cybercrime in Austria, namely two cases of intrusion into governmental networks, which encapsulate the degree to which cybercrime is an issue impacting people’s wallets and a challenge for state/social protection in general.

Hacking of the Austrian People’s Party Server

As technology evolves, governments and their electoral management institutions need to adapt their way of thinking about protection. Fighting for the legitimacy of elections and political parties’ leadership in cyber-space is growing, and a minor technological flaw will endanger elections and political parties themselves (Rusinova et al., 2020). The increasing digitization of the electoral field highlights the degree to which the balance between openness and protection may be the key issue in computer security. Although technology must be fairly invisible for criminals, the activities expose numerous public users to hackers (Skopik et al., 2012). Acquiring voting technologies means more than just concrete applications and hardware. Leaking voting information is perpetuated by malicious hackers and involves infringements of rights of the users (Schallbruch & Skierka, 2018). In essence, the crisis has now reached a global level. Voter data may be subjected to a malicious hack, unintended spill, incorrectly installed security settings, or physical hardware robbery. Regardless of where exposure is concerned, corrupted voting data typically contains confidential and personal details.

On September 5, 2019, the Austrian People’s Party reported to the media, that there had been a targeted hacker attempt at its headquarters. The hacker (or hackers) had obtained links to the political group databases on July 27 and had exfiltrated 1.3 terabytes of data by the end of August 2019 (Gouglidis & Hutchison, 2017). The People’s Party said the assault took place because the media have published sensitive information about the party’s contributions and campaign financing (Shafqat & Masood, 2016). In October 2019, the Austrian media announced that the suspected assault by hackers on the People’s Party’s offices seemed to have been launched by a server in Vienna (Allison et al., 2020). Initially, clues led investigators to a superhero fans club in the Favoriten district in Vienna. However, the club members themselves may have been hostages of the hackers. It seemed that the club’s server might have been compromised and used as an assault site against the server of the People’s Party when working on the club, authorities saw some unusual IP addresses, which may result in the real suspects (Shafqat & Masood, 2016). Therefore, cybersecurity is a global concern that endangers the life of many users.

Regional Thread

Cybersecurity, described as reducing cyberspace threats to an appropriate level, is a whole-of-government responsibility in Germany. This is mentioned in the latest basic text on German defense policy, the White Paper from 2016. Few aspects of security areas are interconnected as cyberspace. This involves the security of vital facilities through a group of people working together (Murino et al., 2013). Nonetheless, these are spheres of accountability still under a whole-of-government strategy. The Federal Ministry of the Interior affairs takes responsibility for the cyber security and the safety of civilian facilities. It is also in control of Germany’s cyber-security policy (Gouglidis et al., 2016). International cybersecurity strategy is shaped by the Federal Foreign Office, whereas the Federal Ministry of Defense handles cyber defense (Naughton, 2012). Meanwhile, The Czech Republic’s Cyber Security Strategy was established under the Czech Republic’s Security Strategy’s guidance and principles. It outlines the Czech Republic’s priorities and intentions in information protection, which are required to build a trustworthy information society with sound legal foundations, dedicated to secure cyber delivery and distribution of information in all fields of human activity, and ensures that information can be used and exchanged openly and securely (Cordey et al., 2019). Defense from attacks to which information and communication networks and technology are exposed and avoiding possible repercussions in the case of an assault against ICTs are critical priorities of the data security strategy.

Cybersecurity has become increasingly crucial in Swiss politics, as it has in every other European nation. The “National Strategy for the Protection of Switzerland against Cyber Risks,” published in 2018 and succeeded the 2012 strategy, is the key policy statement that directs Swiss objectives. Haddad and Binder (2019) assert that although the plan is steered from a central location, its execution is decentralized, with roles clearly defined. The implementation plan lays out specific steps for putting the 2018 strategy’s ten areas of action into action (Holt, 2012). It also defines roles and responsibilities, lays out quantifiable goals, and keeps track of implementation progress.

Findings and Discussion

It is critical to maintain consistency with the core principles of an open economy as Austria evolves as a digital society. In the context of e-government and e-commerce, a dynamic virtual space promotes socioeconomic welfare and economic benefits. It also acts as a platform for knowledge sharing as well as social and political engagement. According to Austria’s Cyber Security Strategy, availability, efficiency, and confidentiality of data sharing and the privacy of data itself are only guaranteed in a safe, resilient, and stable cyber space. As a result, the simulated space must withstand threats, survive vibrations, and adapt to changing conditions. Critical ICT networks can be designed to be as redundant as possible. Austria would ensure that its ICT infrastructures are stable and resilient to threats based on the national strategy of the relevant federal ministries. The government and the private sector will work together and as allies. Austrian authorities defend the legal commodity “cyber defense” by taking appropriate and proportionate steps in the fields of political-strategic monitoring, identification, and reaction, as well as impact restriction and restoration, in collaboration with non-governmental partners. Austria is creating a community of cyber defense by implementing a series of awareness initiatives. Existing collaboration is enhanced, and innovative efforts are facilitated and interconnected by developing expertise, skills, and capacities as part of a national discussion on cybersecurity.

Austria is a leader in introducing policies to protect the digital society as a result of this strategy. Austria’s attractiveness as a business location is boosted by the high availability, honesty, and secrecy of necessary ICT infrastructures. Austria will take an active role in global cooperation at both the European and global levels, including sharing intelligence, formulating international policies, designing voluntary systems and legally binding laws, pursuing criminal proceedings, organizing multinational exercises, and implementing cooperation programs. The Austrian administration’s e-government is stable and evolving; the Federal Republic of Austria, federal provinces, towns, and municipalities’ protection initiatives will be improved. Both Austrian businesses can safeguard the credibility of their software and their consumers’ identities and safety. In this phase, near and systemic cooperation among businesses is critical. The Austrian public should be mindful of the personal obligation that each citizen bears in cyberspace. Both residents can ensure that their online operations are adequately protected and have the requisite capability for electronic verification and signature.

Conclusion and Recommendations

Attacks from cyberspace are a clear danger to the states, economies, science, and society’s defense and efficient operation. They have the potential to have a significant detrimental effect on everyday lives. Non-state actors such as criminals, organized crime, and terrorists, as well as state actors such as intelligence services and the military can exploit cyberspace for their ends and disrupt its regular operation. Both the risks and the constructive uses of cyberspace are virtually limitless. As a result, protecting cyberspace at both the national and foreign levels is Austria’s highest priority. Cybersecurity refers to the defense of cyberspace networks, data sharing in cyberspace, and, most importantly, individuals who use cyberspace.

Global and foreign cybersecurity is a collective, central responsibility of the administration, the economy, and society. The SCS 2013 is a systematic and constructive concept for safeguarding cyberspace and its users while upholding human rights. The plan is intended to improve the security and stability of Austrian internet infrastructure and services. Most significantly, it would increase Austrian society’s understanding and morale. Cyberspace and the protection and welfare of those that use it are vulnerable to a variety of dangers and challenges, as cyberspace is often a hotbed of illegal activity. Operating failures and major assaults by state entities and non-state organizations utilizing cyberspace as an organizational forum not restricted by national boundaries are among the risks and challenges. These assaults may also be the work of foreign military organizations. A Cyber Risk Matrix was created to present the full range of challenges and threats. In 2016, the Risk Matrix was reviewed and modified. Cybercrime, identification theft, cyberattacks, and internet usage for terrorist activities are all new serious threats that demand strong national and foreign coordination between governmental and non-governmental organizations. This shows that addressing cyber threats is a high priority on the national agenda. All powers must work together through a whole-of-government way, and that national and foreign coordination and engagement are critical.

To develop a resilient system for curbing cybercrime threats, Austria can:

  • Create a structure for performance at the operational level. A framework for organizational coordination will be created based on and using established operational frameworks. It will serve as a forum for developing a seasonal and incident-related Cyber Security Picture and discussions on operational-level interventions. It will also offer a summary of the current state of cyberspace by gathering, compiling, analyzing, and disseminating related data. Economic sector participation should be acceptable and on an equitable basis.
  • Construct a contemporary regulatory framework. A detailed study analyzing the need for an extra legislative framework, administrative initiatives, and mutual self-commitment (Code of Conduct) for ensuring data protection in Austria will be well prepared and sent to the federal government under the aegis of Cyber Security Steering Group. This study would address, among other things, the development of necessary organizational mechanisms, authorities’ roles and forces, information sharing between authorities and private individuals, reporting responsibilities, the responsibility to implement safety precautions and supply chain security. When determining the responsibilities of non-state entities, a compromise between benefits and penalties must be maintained.

References

Allison, D., Smith, P., McLaughlin, K., Zhang, F., Coble, J., & Busquim, R. (2020). PLC-based cyber-attack detection: A last line of defense. In IAEA international conference on nuclear security: Sustaining and strengthening efforts (vol. 10).

Bahuguna, A., Bisht, R. K., & Pande, J. (2020). Country-level cybersecurity posture assessment: Study and analysis of practices. Information Security Journal: A Global Perspective, 29(5), 250-266. Web.

Bertone, F., Lubrano, F., & Goga, K. (2020). Artificial Intelligence techniques to prevent cyber-attacks on smart grids. Annals of Disaster Risk Sciences. 3(1), 0-0. Web.

Brenner, S.W. (2010). Cybercrime: Criminal threats from cyberspace. Praeger.

Brown, I. (Ed.) (2013). Research handbook on governance of the internet. Edward Elgar Publishing.

Brown, I. and Marsden, C.T. (2013). Regulating code: Good governance and better regulation in the information age. Mit Press.

Cordey, S., Dewar, R. S., Baezner, M., Robin, P., Bonfanti, M. E., Bierens, R., & Domingo, F. (2019). National cybersecurity and cyberdefense policy snapshots: Updated collection 2. ETH Zurich. Web.

Darvas, Z., Domínguez-Jiménez, M., & Wolff, G. (2020). From climate change to cyber-attacks: incipient financial-stability risks for the euro area. Bruegel Policy Contribution Issue n˚ 2.

Domańska, J., Nowak, M., Nowak, S., & Czachórski, T. (2018, September). European cybersecurity research and the seriot project. In International Symposium on Computer and Information Sciences (pp. 166-173). Springer.

Gouglidis, A., & Hutchison, D. (2017). Protection against Cyber Attacks: Introducing Resilience for SCADA Networks [PDF document].

Gouglidis, A., Green, B., Busby, J., Rouncefield, M., Hutchison, D., & Schauer, S. (2016). Threat awareness for critical infrastructures resilience. In 2016 8th International workshop on resilient networks design and modeling (RNDM) (pp. 196-202). IEEE.

Haddad, C., & Binder, C. (2019). Governing through cybersecurity: National policy strategies, globalized (in‑) security and sociotechnical visions of the digital society. Österreichische Zeitschrift für Soziologie, 44(1), 115-134.

Holt, T.J. (2012). Cybercrime and criminological theory: Fundamental readings on hacking, piracy, theft, and harassment. Cognella Academic Publishing.

Milanovic, M., & Schmitt, M. N. (2020). Cyber Attacks and Cyber (Mis) information Operations during a Pandemic. Journal of National Security Law & Policy (Forthcoming), 11, 247.

Moshirnia, A. (2017). No security through obscurity: Changing circumvention law to protect our democracy against cyberattacks. Brooklyn Law Review, 83(4), 1279. Web.

Murino, G., Armando, A., & Tacchella, A. (Eds) (2019). Resilience of cyber-physical systems: An experimental appraisal of quantitative measures. 11th International Conference proceedings on Cyber Conflict (CyCon) 900, 1-19

Naughton, J. (2012). From Gutenberg to Zuckerberg: What you really need to know about the internet. Quercus.

Ninotti, L. (2018/2019) Organized crime in Europe: a case study of the Russian organization (Rossijskaja organizacija). [Master’s Degree Thesis]. Luiss Guido Carli.

Rusinova, V., Martynova, E., & Kurakina, P. (2020). Fighting cyber-attacks with sanctions: New threats, old responses. [PDF Format].

Schallbruch, M., & Skierka, I. (2018). Cybersecurity in Germany. Springer International Publishing.

Shafqat, N., & Masood, A. (2016). Comparative analysis of various national cyber security strategies. International Journal of Computer Science and Information Security, 14(1), 129.

Skopik, F., Ma, Z., Smith, P., & Bleier, T. (2012, September). Designing a cyber-attack information system for national situational awareness. In Future Security Research Conference (pp. 277-288). Springer.